Received: by 2002:a05:7412:8d11:b0:fa:4934:9f with SMTP id bj17csp669856rdb; Mon, 15 Jan 2024 09:34:30 -0800 (PST) X-Google-Smtp-Source: AGHT+IEbYUVD+0WsbiYKvjfRa9PaAbygWDOm5nADzHtg4/JflY5zSfwzxgjePJabj/sy/OkyfDMs X-Received: by 2002:a05:622a:10:b0:429:fe7f:c1f with SMTP id x16-20020a05622a001000b00429fe7f0c1fmr603624qtw.74.1705340070495; Mon, 15 Jan 2024 09:34:30 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1705340070; cv=none; d=google.com; s=arc-20160816; b=rEM7pxjw49jApWv6cMs6nI0wTo8NGM/CwK7hTtizP6tlGkph/Owq6kKajXruQQOXTB 0LqwfouLZYuEy082tB09x9wrJfD7LoCsC1CRRNBfaY61RIpExYGTXqmCKIkZ5EJ1jMvC q/uvK9IuXb7Tq8kmNIq57EKPWiLgt1U3LuEU5kjRtkkiBRTnKSAObYgkbe4DnwH8jnfl JQc2If7ZUmwJF6dBhlQ89kjzROHfvwSji3X41Lu69FnSEyDsyTBKcoiu9dQNMT6TCdZg lv05A1P56vs5TS82JN1bYVo2XIFxaNd6aKOjFUvTJCvMmYMl7rE5H3jFjaiNp9AFRzlO uX+g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:list-unsubscribe:list-subscribe:list-id:precedence :dkim-signature; bh=JYllC9VYl+NNkG1Spylnxd9LFnw0aD4usyKTo8d4DbM=; fh=n20MorCtWsYdrFFZRh9knjHu6oORm29Ywf9a4+SBvUE=; b=iAkPIUlwXTNDNgPF078d90dGVunhhokgVaykml7zz+Ro4dRK3Eiykp4o+HOfSBHU3b 6nLoICUk0+rhy9T3bRvMrj2hAlhVoNM+/SyOm0xvcJW4kxNtIEmnBkXHkk3XJZdaBi1x 1aJvM1afaJfsWy3QGBAMPDJxoOH9kFSidA9PuejqS8HTdw0vJOFrBjagvDgb2LnvBQJo tbSFAIQXW21xZSWrueMjpN34ymV4HIjgSn4jDA1GSzsIFU2vOMMqPaBJEFgx7KoNFg1o WdU9BMpnGmwIWKV0XdDsolL6bFcU9GeIKcLm1s1vP/AU3rbWi5nBruDz6/M8Mwiz8LGT ZyKA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=NDsqGDId; spf=pass (google.com: domain of linux-kernel+bounces-26321-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-26321-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [2604:1380:45d1:ec00::1]) by mx.google.com with ESMTPS id o20-20020a05622a009400b00429f990ff9dsi1081360qtw.136.2024.01.15.09.34.30 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 15 Jan 2024 09:34:30 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-26321-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) client-ip=2604:1380:45d1:ec00::1; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=NDsqGDId; spf=pass (google.com: domain of linux-kernel+bounces-26321-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-26321-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id 437E41C21DD2 for ; Mon, 15 Jan 2024 17:34:30 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id D23A3182B5; Mon, 15 Jan 2024 17:34:22 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="NDsqGDId" Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0B6F4182A0; Mon, 15 Jan 2024 17:34:21 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 83087C433C7; Mon, 15 Jan 2024 17:34:21 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1705340061; bh=2cyFxe3uTqXct4jEHJssjWPzlGUygaQOIyDsjApVixs=; h=References:In-Reply-To:From:Date:Subject:To:Cc:From; b=NDsqGDIdECNVMWc+uAQHFv77zTzI5T522ItTdcWbGbiidpMdS71qAqKcTWOJWnWL9 +3C6sbRpMZs2bWs3h/nmboU8I2UO8EwSv8AVSssH5cCAXp7H6i4zX0kVUucRvOK4wj o4rA7dLoHtMdlxxhe+yNFIjxxHByYyLNlZhPHnbyjnUxmK6KOZZ+xSGVe2zHXQ/QiF I9tASWxZfH4n043KIl4rErlj0xolpjIUCtazroKabuEFa7b2Cb1qfPH1KzO4YeTJni q4xTI9OtbnmvHXxmQDQTGTHXWU0uJtUk0J+jFlTvEwWCdT3ALxRo0cHm/K2ZX7fqKu TTQs+myvvVlMw== Received: by mail-lf1-f44.google.com with SMTP id 2adb3069b0e04-50eabd1c701so10909227e87.3; Mon, 15 Jan 2024 09:34:21 -0800 (PST) X-Gm-Message-State: AOJu0YxQyQ3IZ7MX0G7hkq7pIJv4FjFfPJlXFafYITsRpiWIrJKQIRZp uoUDwjeaNe9i3XeN3hQqT/bgl6aXJGPcLxLBVUE= X-Received: by 2002:ac2:44ba:0:b0:50e:7b63:556c with SMTP id c26-20020ac244ba000000b0050e7b63556cmr2378330lfm.101.1705340059757; Mon, 15 Jan 2024 09:34:19 -0800 (PST) Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 References: <56b52d4e-9dc0-400c-a141-7e70f5c72afa@siemens.com> In-Reply-To: <56b52d4e-9dc0-400c-a141-7e70f5c72afa@siemens.com> From: Ard Biesheuvel Date: Mon, 15 Jan 2024 18:34:08 +0100 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH] riscv/efistub: Ensure GP-relative addressing is not used To: Jan Kiszka Cc: Palmer Dabbelt , linux-efi@vger.kernel.org, linux-kernel@vger.kernel.org Content-Type: text/plain; charset="UTF-8" On Sat, 13 Jan 2024 at 11:35, Jan Kiszka wrote: > > On 12.01.24 19:56, Palmer Dabbelt wrote: > > On Fri, 12 Jan 2024 10:51:16 PST (-0800), Ard Biesheuvel wrote: > >> Hi Jan, > >> > >> On Fri, 12 Jan 2024 at 19:37, Jan Kiszka wrote: > >>> > >>> From: Jan Kiszka > >>> > >>> The cflags for the RISC-V efistub were missing -mno-relax, thus were > >>> under the risk that the compiler could use GP-relative addressing. That > >>> happened for _edata with binutils-2.41 and kernel 6.1, causing the > >>> relocation to fail due to an invalid kernel_size in handle_kernel_image. > >>> It was not yet observed with newer versions, but that may just be luck. > >>> > >>> Signed-off-by: Jan Kiszka > >>> --- > >>> > >>> Something like this should go to stable as well, but we will need > >>> rebased patches. > >>> > >>> drivers/firmware/efi/libstub/Makefile | 2 +- > >>> 1 file changed, 1 insertion(+), 1 deletion(-) > >>> > >>> diff --git a/drivers/firmware/efi/libstub/Makefile > >>> b/drivers/firmware/efi/libstub/Makefile > >>> index 06964a3c130f..d561d7de46a9 100644 > >>> --- a/drivers/firmware/efi/libstub/Makefile > >>> +++ b/drivers/firmware/efi/libstub/Makefile > >>> @@ -28,7 +28,7 @@ cflags-$(CONFIG_ARM) += -DEFI_HAVE_STRLEN > >>> -DEFI_HAVE_STRNLEN \ > >>> -DEFI_HAVE_MEMCHR > >>> -DEFI_HAVE_STRRCHR \ > >>> -DEFI_HAVE_STRCMP -fno-builtin > >>> -fpic \ > >>> $(call > >>> cc-option,-mno-single-pic-base) > >>> -cflags-$(CONFIG_RISCV) += -fpic -DNO_ALTERNATIVE > >>> +cflags-$(CONFIG_RISCV) += -fpic -DNO_ALTERNATIVE -mno-relax > >> > >> Can we detect the presence of these references (via the relocation > >> type)? We already do something similar for ordinary absolute > >> references too. > > > > If there's no `__global_pointer$` symbol then the linker won't make > > GP-relative relaxations (because it doesn't know where GP is). We > > usually define that symbol in the linker script, but I'm not entierly > > sure how libstub gets its linker script... > > > > The stub seems to be linked together with the rest of the kernel, thus > the regular arch/riscv/kernel/vmlinux.lds.S is used. > Indeed - the EFI stub is part of the same executable as vmlinux, we just mangle the symbol names to ensure that only code that can be safely called from the EFI stub can be linked to it. If the effect of -mno-relax is to stop emitting R_RISCV_RELAX relocations, we should perhaps add those to the STUBCOPY_RELOC-y Makefile variable? (in the same file). BTW R_RISCV_HI20 doesn't seem like the right value there to begin with: the idea of that is to disallow ELF relocations that evaluate to expressions that can only be known at runtime (like absolute addresses for global pointer variables)